The FTPS/FTP service on the system must be configured with the Department of Defense (DoD) login banner.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38599 | RHEL-06-000348 | SV-50400r2_rule | Medium |
| Description |
|---|
| This setting will cause the system greeting banner to be used for FTP connections as well. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2015-05-26 |
Details
| Check Text ( C-46174r1_chk ) |
|---|
| To verify this configuration, run the following command: grep "banner_file" /etc/vsftpd/vsftpd.conf The output should show the value of "banner_file" is set to "/etc/issue", an example of which is shown below. # grep "banner_file" /etc/vsftpd/vsftpd.conf banner_file=/etc/issue If it does not, this is a finding. |
| Fix Text (F-43564r3_fix) |
|---|
| Edit the vsftpd configuration file, which resides at "/etc/vsftpd/vsftpd.conf" by default. Add or correct the following configuration options. banner_file=/etc/issue Restart the vsftpd daemon. # service vsftpd restart |